package org.example.common.security.aspect;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.example.common.core.constants.HttpStatus;
import org.example.common.core.domain.model.LoginUser;
import org.example.common.redis.utils.LoginHelper;
import org.example.common.security.annotation.PreRoleAuthorize;
import org.example.common.security.exception.PreAuthorizeException;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

/**
 * 自定义权限实现
 *
 */
@Aspect
@Component
public class PreRoleAuthorizeAspect
{
    /** 数组为0时 */
    private static final Integer ARRAY_EMPTY = 0;

    @Around("@annotation(preRoleAuthorize)")
    public Object around(ProceedingJoinPoint point,PreRoleAuthorize preRoleAuthorize) throws Throwable
    {
        Signature signature = point.getSignature();
        MethodSignature methodSignature = (MethodSignature) signature;
        if (ObjectUtils.isEmpty(preRoleAuthorize))
        {
            return point.proceed();
        }
        if (!StringUtils.isEmpty(preRoleAuthorize.hasRole()))
        {
            if (hasRole(preRoleAuthorize.hasRole()))
            {
                return point.proceed();
            }
            throw new PreAuthorizeException(HttpStatus.ERROR,new String[]{preRoleAuthorize.hasRole()});
        }
        else if (!StringUtils.isEmpty(preRoleAuthorize.lacksRole()))
        {
            if (lacksRole(preRoleAuthorize.lacksRole()))
            {
                return point.proceed();
            }
            throw new PreAuthorizeException(HttpStatus.ERROR,new String[]{preRoleAuthorize.lacksRole()});
        }
        else if (ARRAY_EMPTY < preRoleAuthorize.hasAnyRoles().length)
        {
            if (hasAnyRoles(preRoleAuthorize.hasAnyRoles()))
            {
                return point.proceed();
            }
            throw new PreAuthorizeException(HttpStatus.ERROR,preRoleAuthorize.hasAnyRoles());
        }
        return point.proceed();
    }
    /**
     * 判断用户是否拥有某个角色
     *
     * @param role 角色字符串
     * @return 用户是否具备某角色
     */
    public boolean hasRole(String role)
    {
        LoginUser loginUser = LoginHelper.getLoginUser();
        if (StringUtils.isEmpty(loginUser) || CollectionUtils.isEmpty(loginUser.getRoles()))
        {
            return false;
        }
        for (String roleKey : loginUser.getRoles())
        {
            if (loginUser.isSuperAdmin()
                    || roleKey.equals(role))
            {
                return true;
            }
        }
        return false;
    }

    /**
     * 验证用户是否不具备某角色，与 isRole逻辑相反。
     *
     * @param role 角色名称
     * @return 用户是否不具备某角色
     */
    public boolean lacksRole(String role)
    {
        return hasRole(role) != true;
    }

    /**
     * 验证用户是否具有以下任意一个角色
     *
     * @param roles 角色列表
     * @return 用户是否具有以下任意一个角色
     */
    public boolean hasAnyRoles(String[] roles)
    {
        LoginUser loginUser = LoginHelper.getLoginUser();
        if (StringUtils.isEmpty(loginUser) || CollectionUtils.isEmpty(loginUser.getRoles()))
        {
            return false;
        }
        for (String role : roles)
        {
            if (hasRole(role))
            {
                return true;
            }
        }
        return false;
    }
}
